CVE-2022-22268 — Improper Authorization in Mobile Devices

CWE-285 — Improper Authorization CWE-552 — Files or Directories Accessible to External Parties3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.0%

top 94.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samsung Mobile Devices Google Android

Timeline

PublishedJan 10

Latest updateJan 11

Description

Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically proximate attackers to temporary unlock the Knox Guard via Samsung DeX mode.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 0.9 | Impact: 5.2

Affected Packages2 packages

▶CVEListV5samsung_mobile/samsung_mobile_devicesP(9.0), Q(10.0), R(11.0), S(12.0) — SMR Jan-2022 Release 1

▶NVDgoogle/android4 versions+3

🔴Vulnerability Details

GHSA

GHSA-xfp7-wvx8-2cw8: Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically proximate attackers to temporary unlock the Knox Guard via Sa↗2022-01-11

▶

CVEList

CVE-2022-22268: Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically proximate attackers to temporary unlock the Knox Guard via Sa↗2022-01-07

▶